Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
view the rest of the comments
So, the real reason is because they're usually not implementing it themselves, and the service they're using has an array of options, and they went for the most "user friendly" approaches.
Registering an authenticator or typing numbers is viewed as hard by a lot of people, so SMS or an push notification are viewed as the easy route.
Could at least offer it, I don't consider SMS secure, and push notifications require that you have a supported mobile device.
You're not wrong, but it can be difficult to support more than the minimum without more buy-in from a financial perspective. Things beyond SMS tend to need an enrollment process that would impact the user sign-up flow.
You can create the user and store their phone number in one step, but totp sign-up usually needs something where you can create a provisional user, and then activate their MFA to activate the user.
It's why a lot of passkey stuff has a lot of potential, since it can make it easier for the user to sign-up, which has an appeal to people who are making decisions that have to consider sales and IT concerns.
If you have millions of customers or thousands of vendors, a problem that affects 1% of users will swamp all your administrative staff and bog down operations. In this economy that's a massive no no no. Like all things IT, the business people making the decisions can't see the long term view until it's forced on them cause they got pwned and it's still on the news.